Severity
Medium
Analysis Summary
CVE-2021-23434
The Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw when the path components used in the path parameter are arrays. By adding or modifying properties of Object.prototype using a `__proto__` or `constructor` payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
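One way an array-wrapped path component can slip past a key filter, shown as an added example with a simplified path setter written for this illustration (it is not object-path's code): a guard that compares components with `===` misses the array, while a guard that accepts only strings and integers and checks the coerced key rejects it. The names `weakGuard`, `strictGuard`, `setPath`, `isContained` and the `constructedFlag` property are hypothetical.

```javascript
// Added example: a simplified path setter, not object-path's source code.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Weak guard: === compares without coercion, so ['__proto__'] never equals
// '__proto__', yet obj[['__proto__']] coerces the array to that same key.
function weakGuard(key) {
  if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
    throw new Error('blocked path component');
  }
  return key;
}

// Hardened guard: accept only strings and integers, then check the exact
// string that will be used as the property key.
function strictGuard(key) {
  if (typeof key !== 'string' && !Number.isInteger(key)) {
    throw new TypeError('path components must be strings or integers');
  }
  const k = String(key);
  if (BLOCKED.has(k)) throw new Error('blocked path component');
  return k;
}

// Walk `path` from `root`, creating missing objects, and set the last key.
function setPath(root, path, value, guard) {
  let node = root;
  for (let i = 0; i < path.length - 1; i++) {
    const key = guard(path[i]);
    if (node[key] === undefined || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[guard(path[path.length - 1])] = value;
  return root;
}

// Returns true if the call was rejected or left Object.prototype untouched.
function isContained(guard, path) {
  try { setPath({}, path, true, guard); } catch (e) { return true; }
  const clean = !('constructedFlag' in {});
  delete Object.prototype.constructedFlag; // undo the demo's side effect
  return clean;
}

const arrayPath = [['__proto__'], 'constructedFlag']; // constructed input
console.log('weak guard contained:', isContained(weakGuard, arrayPath));
console.log('strict guard contained:', isContained(strictGuard, arrayPath));
```

The same type check belongs at any trust boundary where a path arrives from parsed JSON, because JSON input can supply an array where a string is expected.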
Impact
- Unauthorized Access
- Code Execution
Affected Vendors
Node.js
Affected Products
- Node.js object-path 0.11.5
Remediation
Upgrade to the latest version of the Node.js object-path module, available from the npm website.